[SOLVED] CVE-2016-3125 (proftpd)

Support for security such as Firewalls and securing linux
Post Reply
sup3rm4n
Posts: 2
Joined: 2016/04/12 14:25:49

[SOLVED] CVE-2016-3125 (proftpd)

Post by sup3rm4n » 2016/04/12 14:40:06

I had a question about CVE-2016-3125 in regards to Centos 6.7. It's for proftpd, the details of the CVE say before 1.3.5b and 1.3.6rc2. However it seems the most up-to-date rpm from the CentOS repo is 1.3.3g-8.el6 I can't find if 1.3.3g-8.el6 is effected at all by this CVE, it is a previous version, however it's not listed as an effected version either. Also I know with Red Hat sometimes rolls up security patches into older RPMs. Any information on this would be helpful. Thanks guys!

Reference:
https://www.cvedetails.com/cve/CVE-2016-3125/

User avatar
avij
Retired Moderator
Posts: 3039
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: CVE-2016-3125

Post by avij » 2016/04/12 15:04:43

There is no proftpd in CentOS 6. Perhaps you are using the EPEL package of proftpd, in which case you should follow this bug entry for any updates: https://bugzilla.redhat.com/show_bug.cg ... -2016-3125

edit: Or rather this one, which states that the bug was fixed in proftpd-1.3.3g-9.el6. Perhaps you should do a yum update --enablerepo=epel-testing

sup3rm4n
Posts: 2
Joined: 2016/04/12 14:25:49

Re: CVE-2016-3125

Post by sup3rm4n » 2016/04/12 17:14:18

Yep,

That's what it was and that updated without issue. Thanks avij!

Post Reply

Return to “CentOS 6 - Security Support”